Skip to content
← Back to the festival

Privacy Policy and Cookie Policy

Concept for review - not yet legally vetted. This is an internal draft. The facts, processors, and legal bases described below still need to be confirmed, and the document should be checked by a qualified privacy or legal professional before it is published. Items marked TO VERIFY are not yet confirmed.

Last updated: [DATE PLACEHOLDER]

This document explains how the Phono Lake Festival website handles your personal data and how we use cookies and similar technologies. It applies to the website for Phono Lake Festival x Breakfast Club, taking place on Saturday 12 September 2026 at the Sloterplas in Amsterdam, the Netherlands.

We have written this in plain language so it is easy to read. The document has two parts: (1) the Privacy Policy and (2) the Cookie Policy.

Note: tickets are not sold on this website. Ticketing is handled entirely by Resident Advisor (ra.co), which is a separate company with its own privacy policy. See the section "Ticketing is handled by Resident Advisor" below.

The festival is an 18+ event. This website and our newsletter are intended for adults. See "Children and age" below.


Part 1: Privacy Policy

Who is responsible for your data

The organisation responsible for your personal data (the "controller" under the General Data Protection Regulation, or GDPR) is:

Phono Lake B.V. KvK (Dutch Chamber of Commerce) number: 98281976 [Registered business address: TO VERIFY AND ADD before publishing]

For any privacy question or request, you can contact us at:

Email: info@phonolakefestival.org

Which law applies

We process personal data in line with the GDPR, the Dutch implementation law (Uitvoeringswet AVG, or UAVG), and the Dutch and European rules on cookies and electronic communications (ePrivacy). The Dutch supervisory authority for data protection is the Autoriteit Persoonsgegevens (AP).

What data we collect, why, and on what legal basis

This is a simple marketing website. We only collect what is described below.

1. Newsletter sign-up

If you sign up for our newsletter, your email address is sent to Mailchimp, the service we use to manage and send our newsletter.

When you submit the form, our website also receives a timestamp (the moment you signed up) and a "source" field (which records where the sign-up came from, for example which page or campaign). These two fields are used only to process your submission at that moment. They are not stored in our newsletter list and are not sent to Mailchimp. Only your email address (together with an internal tag we use to organise our list) is sent to Mailchimp and kept there.

Why: to send you occasional festival updates, such as line-up reveals and ticket releases.

Legal basis: your consent. We use single opt-in, which means your sign-up is active as soon as you submit the form. You can withdraw your consent at any time (see "How to withdraw your consent" below).

Who processes it: Mailchimp, operated by The Rocket Science Group LLC (part of Intuit), based in the United States. This means your email address is transferred to the United States (see "Sending data outside the EU" below).

2. Meta Pixel (advertising and measurement)

Our website can use the Meta Pixel, a tool from Meta (Facebook and Instagram). The Meta Pixel only loads after you click "Accept" on our cookie banner. If you do not accept, it does not load and does not collect anything.

When active, the Meta Pixel can collect:

  • Information about how you interact with and browse the website.
  • Your IP address.
  • Device and browser information.

It also records two specific events. When the Pixel loads, it sends a standard page view event. In addition, if you have accepted marketing cookies and then successfully sign up for our newsletter, the Pixel sends a conversion event (a "Lead" event) to Meta. This tells Meta that this browser signed up, which lets us measure and improve our advertising. This conversion event is only sent if you accepted marketing cookies. If you declined, no event is sent.

Why: to measure how our website and advertising perform, to optimise our advertising, and to help show relevant ads.

Legal basis: your consent (given through the cookie banner). You can withdraw your consent at any time (see "How to withdraw your consent" and the Cookie Policy below).

Who is involved and your privacy at Meta: the Meta Pixel involves Meta Platforms Ireland Ltd and, in the United States, Meta Platforms Inc. For the Pixel, we and Meta are not simply a company and its supplier. Meta acts as a joint controller with us for part of this processing (the collection and transmission of your data through the Pixel), under Meta's controller and joint-controller terms for its business tools. Once your data reaches Meta, Meta also uses it for its own purposes under its own terms, which can include building profiles and targeting ads to you across its platforms. This goes beyond simple measurement. You can read how Meta handles your data in Meta's own Privacy Policy. This also involves a transfer of data to the United States (see "Sending data outside the EU" below).

[TO VERIFY: confirm the exact Meta business tools / joint-controller arrangement against Meta's current terms before publishing.]

3. Website hosting and server logs

Our website is hosted by Vercel Inc., based in the United States. To serve the site and keep it secure, Vercel automatically records standard server and access logs. These logs can include your IP address, the pages requested, and basic technical information about the request.

Why: to operate the website, keep it available, and protect it against abuse and security threats.

Legal basis: our legitimate interest in running a secure and functioning website. Because this is based on our legitimate interest, you have the right to object to it (see "Your rights", Objection).

Who processes it: Vercel Inc., based in the United States, acting on our behalf. This involves a transfer of data to the United States (see "Sending data outside the EU" below).

4. Your cookie choice (consent storage)

When you make a choice in our cookie banner, we store that choice in your browser so we do not have to ask you again on every visit. This is described in more detail in the Cookie Policy below. Storing your choice is strictly necessary to respect your preference, so it does not require separate consent.

The providers we work with

We use a small number of service providers. Their roles differ, so we list them separately rather than treating them all the same way.

Processors (they handle data strictly on our behalf and on our instructions):

  • Mailchimp (The Rocket Science Group LLC, part of Intuit), United States: newsletter management and email delivery.
  • Vercel Inc., United States: website hosting and server logs.

Joint controller for the Meta Pixel:

  • Meta (Meta Platforms Ireland Ltd and Meta Platforms Inc), United States: advertising measurement and optimisation through the Meta Pixel, only after you give consent. For the Pixel, Meta is a joint controller with us, not a processor acting only on our behalf, and Meta also processes your data for its own purposes. See section 2 above.

Sending data outside the EU

The providers above are based in or transfer data to the United States. When personal data is sent outside the European Economic Area, we rely on appropriate safeguards as required by the GDPR. As far as we are aware, these are:

  • Mailchimp (Intuit): relies on the EU-US Data Privacy Framework. [TO VERIFY: confirm current DPF certification before publishing.]
  • Vercel Inc.: relies on the European Commission's Standard Contractual Clauses (SCCs). [TO VERIFY: confirm Vercel's current transfer mechanism before publishing.]
  • Meta: relies on the European Commission's Standard Contractual Clauses (SCCs) together with additional measures, and where applicable the EU-US Data Privacy Framework. [TO VERIFY: confirm Meta's current mechanism before publishing.]

You can ask us for more information about these safeguards, including a copy of the relevant Standard Contractual Clauses, by emailing info@phonolakefestival.org.

How long we keep your data

  • Newsletter data: we keep your email address in our newsletter list until you unsubscribe. If you have not engaged with our emails for a longer period (our target is 12 months of inactivity), we may also remove your data. [TO VERIFY: confirm the inactivity period.]
  • Newsletter timestamp and source: as explained above, these are used only to process your submission and are not stored by us or by Mailchimp.
  • Meta Pixel data: once data reaches Meta, it is kept according to Meta's own retention periods, which Meta sets and documents. We do not control this period. You can read Meta's retention information in Meta's Privacy Policy.
  • Server logs: Vercel keeps standard access logs for a short, limited period and then deletes them. [TO VERIFY: confirm Vercel's actual log retention period, for example a number of days, and state it here.]

We do not sell your data

We do not sell your personal data. We do not carry out automated decision-making that produces legal effects or similarly significant effects on you (see "Your rights", which covers your position on automated decisions). We do not profile you ourselves. The only profiling that can occur is on Meta's side: once your data is shared with Meta after you consent, Meta may use it for its own advertising targeting and profiling under Meta's terms. You can read more in Meta's Privacy Policy.

Your rights

Under the GDPR you have the following rights:

  • Access: to ask what personal data we hold about you.
  • Rectification: to correct data that is wrong or incomplete.
  • Erasure: to ask us to delete your data ("right to be forgotten").
  • Restriction: to ask us to limit how we use your data.
  • Data portability: to receive your data in a common format, or have it transferred where technically possible.
  • Objection: to object to processing based on our legitimate interest (this applies to our server logs).
  • Withdraw consent: where we rely on consent (the newsletter and the Meta Pixel), you can withdraw it at any time. This does not affect the lawfulness of processing before you withdrew it.
  • Automated decisions: you have the right not to be subject to a decision based solely on automated processing that has legal or similarly significant effects. As noted above, we do not make such decisions.

Exercising these rights is free of charge. To keep your data safe, we may need to verify your identity before we act on a request. To use any of these rights, email us at info@phonolakefestival.org. We will respond within the time limits set by the GDPR.

Right to complain

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens (AP) Website: autoriteitpersoonsgegevens.nl Postal address: Postbus 93374, 2509 AJ Den Haag, the Netherlands Phone: 088 1805 250

If you live in another EU country, you may also contact the data protection supervisory authority in your own country.

How to withdraw your consent

  • Newsletter: click the "unsubscribe" link at the bottom of any newsletter email, or email us at info@phonolakefestival.org.
  • Meta Pixel and other consent-based cookies: use the "Cookie settings" control to reopen the cookie banner and change your choice (see the Cookie Policy below), or change your choice through your browser settings.

If you withdraw consent for the Meta Pixel after previously accepting, the Pixel will not load on your future visits. Cookies that Meta already set during your earlier visit remain on your device until they expire or until you delete them in your browser. You can delete them at any time through your browser settings.

Withdrawing consent is free and does not affect anything we lawfully did before you withdrew it.

Children and age

The festival is an 18+ event, and this website and our newsletter are intended for people aged 18 and over. Our online services are not directed at children under 16, and we do not knowingly collect personal data from them. Under Dutch law, consent for children under 16 must be given or authorised by a parent or guardian. If you are a parent or guardian and you believe a child under 16 has signed up to our newsletter or had their data collected through this site, please contact us at info@phonolakefestival.org and we will delete it.

Ticketing is handled by Resident Advisor

Tickets for the festival are sold through Resident Advisor (ra.co), not on this website. When you click a ticket link, you leave our site and go to Resident Advisor's platform. Resident Advisor is a separate company that acts as its own data controller for any data you provide there (such as payment and order details). This Privacy Policy does not cover Resident Advisor. Please read their own privacy policy on ra.co.

Changes to this policy

We may update this document from time to time, for example if our tools or legal requirements change. The "Last updated" date at the top shows when it was last revised.


Part 2: Cookie Policy

This Cookie Policy explains the cookies and similar storage technologies we use on the Phono Lake Festival website, what they do, and how you can control them.

What are cookies and similar technologies

Cookies are small files placed on your device when you visit a website. Similar technologies include "local storage", which lets a website store small pieces of information in your browser. We use a small amount of local storage (to remember your cookie choice) and, only with your consent, cookies set by the Meta Pixel.

How we ask for consent

When you browse the site for the first time, a cookie banner appears. Marketing cookies and similar technologies (the Meta Pixel) only load after you click "Accept". If you decline, they are not loaded. Strictly necessary storage works without consent, because it is needed to make the site function and to remember your choice.

Note: the banner appears as you start to scroll the page, so that it does not cover the main content on first load. Nothing is loaded and no choice is recorded until you act on the banner. [TO VERIFY: confirm this scroll-triggered behaviour is intended, or show the banner immediately on first visit.]

The categories we use

1. Strictly necessary: your consent choice

NameProviderPurposeTypeStored valueDuration
plf-cookiesPhono Lake (this website)Remembers the cookie choice you made, so we do not ask again on every visitLocal storage (first-party)accepted or declinedNo automatic expiry. Persists until you clear your browser data
  • Consent: not required. This is strictly necessary to respect your preference and to make the banner work correctly.
  • How to remove it: clear your browser's site data or local storage for this website. If you do, you will see the cookie banner again on your next visit.

2. Marketing: Meta Pixel

This category loads only after you click "Accept". It does not load if you decline.

NameProviderPurposeTypeDuration
_fbpMetaIdentifies the browser and links it to ad activity, so we can measure and optimise advertisingFirst-party cookieAround 90 days (set by Meta)
_fbcMetaStores an ad click identifier when you arrive from a Meta ad, used to attribute the visitFirst-party cookieAround 90 days (set by Meta)
(script)MetaThe Pixel loads a script from connect.facebook.net, which sends interaction data, your IP address, and device and browser information to MetaThird-party scriptNot a stored cookie

What it does: it measures how our website and advertising perform, helps optimise our advertising, and helps show relevant ads. As described in the Privacy Policy, it also sends a conversion event ("Lead") to Meta if you accepted marketing cookies and then sign up for the newsletter.

  • Consent: required. This category runs only with your consent.
  • Where the data goes: to Meta (Meta Platforms Ireland Ltd and Meta Platforms Inc in the United States). For the Pixel, Meta is a joint controller, not just our supplier. See "Sending data outside the EU" and section 2 of the Privacy Policy above.

The exact cookie names and durations are set by Meta and may change over time. For the current details, see Meta's own cookie documentation.

How to refuse or withdraw consent for cookies

You are always in control. You can:

  • Decline at the banner: choose "Decline" when the cookie banner appears, so marketing cookies never load.
  • Change your mind later: use the "Cookie settings" control to reopen the banner and switch your choice. [TO BUILD AND VERIFY: a persistent "Cookie settings" control needs to be added to the site, for example in the footer, so people can reopen the banner with one click. Until that control exists, the only way to change a previous choice is to clear your browser's site data for this website, which makes the banner appear again.]
  • Use your browser settings: most browsers let you block or delete cookies and local storage. Check your browser's help pages for instructions. Blocking strictly necessary storage may mean the site cannot remember your preference.

Please note that if you previously accepted, withdrawing consent stops the Meta Pixel from loading on future visits, but it does not delete cookies Meta already placed during that earlier visit. Those remain until they expire or until you delete them through your browser settings.

Cookies on Resident Advisor

If you go to Resident Advisor (ra.co) to buy tickets, any cookies set there are governed by Resident Advisor's own cookie and privacy policy, not this one.

Questions

If you have any questions about cookies or this policy, contact us at info@phonolakefestival.org.